Markus Kirchberg

TrustCloud: A Framework for Accountability and Trust in Cloud Computing

The key barrier to widespread uptake of cloud computing is the lack of trust in clouds by potential customers. While preventive controls for security and privacy are actively researched, there is still little focus on detective controls related to cloud accountability and audit ability. The complexity resulting from large-scale virtualization and data distribution carried out in current clouds has revealed an urgent research agenda for cloud accountability, as has the shift in focus of customer concerns from servers to data. This paper discusses key issues and challenges in achieving a trusted cloud through the use of detective controls, and presents the Trust Cloud framework, which addresses accountability in cloud computing via technical and policy-based approaches.

μCloud: Towards a New Paradigm of Rich Mobile Applications

Abstract Rich mobile applications are characterized by rich functionality, offline usability and portability. However, it isnot trivial to simultaneously satisfy all the three criteria. Existing approaches such stand-alone applications and the thin-client architecture satisfy only a subset of these criteria. In this paper, we show that rich mobile applications can be achieved through the convergence of mobile and cloud computing. We address two main issues in cloud-enabled mobile applications, namely complexity of application development and offline usability. We then propose μCloud framework which models a rich mobile application as a graph of components distributed onto mobile devices and the cloud. Lastly, we discuss μClouds major research issues, i.e., workflow language for interactive applications, offline usability, secure and scalable multi-tenancy, portability and energy optimization.

How to Track Your Data: The Case for Cloud Computing Provenance

Provenance, a meta-data describing the derivation history of data, is crucial for the uptake of cloud computing to enhance reliability, credibility, accountability, transparency, and confidentiality of digital objects in a cloud. In this paper, we survey current mechanisms that support provenance for cloud computing, we classify provenance according to its granularities encapsulating the various sets of provenance data for different use cases, and we summarize the challenges and requirements for collecting provenance in a cloud, based on which we show the gap between current approaches to requirements. Additionally, we propose our approach, Data PROVE, that aims to effectively and efficiently satisfy those challenges and requirements in cloud provenance, and to provide a provenance supplemented cloud for better integrity and safety of customers data.

Design by example for SQL table definitions with functional dependencies

A database is C-Armstrong for a given set of constraints in a class C if it satisfies every constraint of the set and violates every constraint in C not implied by the set. Therefore, Armstrong databases are test data that perfectly illustrate the current perceptions about the semantics of a schema. We extend the existing theory of Armstrong relations to a toolbox of Armstrong tables. That is, we investigate structural and computational properties of Armstrong tables for the class of functional dependencies (FDs) over SQL tables. Relations are special instances of SQL tables with no duplicate rows and no null value occurrences. While FDs do not enjoy Armstrong tables, the combined class of standard FDs and NOT NULL constraints does enjoy Armstrong tables. The problem of finding an Armstrong table is shown to be precisely exponential for this combined class. However, we establish an algorithm that computes Armstrong tables with a size at most quadratic in that of a minimum-sized Armstrong table. Our resulting toolbox of Armstrong tables can be applied by data engineers to concisely visualize constraints on SQL data. Such support can lead to designs that guarantee efficient data management in practice.

From system-centric to data-centric logging - Accountability, trust & security in cloud computing

Cloud computing signifies a paradigm shift from owning computing systems to buying computing services. As a result of this paradigm shift, many key concerns such as the transparency of data transfer and access within the cloud, and the lack of clarity in data ownership were surfaced. To address these concerns, we propose a new way of approaching traditional security and trust problems: To adopt a detective, data-centric thinking instead of the classical preventive, system-centric thinking. While classical preventive approaches are useful, they play a catch-up game; often do not address the problems (i.e. data accountability, data retention, etc) directly. In this paper, we propose a data-centric, detective approach to increase trust and security of data in the cloud. Our framework, known as TrustCloud, contains a suite of techniques that address cloud security, trust and accountability from a detective approach at all levels of granularity. TrustCloud also extends detective techniques to policies and regulations governing IT systems.

Tracking of Data Leaving the Cloud

Data leakages out of cloud computing environments are fundamental cloud security concerns for both the end-users and the cloud service providers. A literature survey of the existing technologies revealed the inadequacies of current technologies and the need for a new methodology. This position paper discusses the requirements and proposes a novel auditing methodology that enables tracking of data transferred out of Clouds. Initial results from our prototypes are reported. This research is aligned to our vision that by providing transparency, accountability and audit trails for all data events within and out of the Cloud, trust and confidence can be instilled into the industry as users will get to know what exactly is going on with their data in and out of the Cloud.

How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms

As cloud computing and virtualization technologies become mainstream, the need to be able to track data has grown in importance. Having the ability to track data from its creation to its current state or its end state will enable the full transparency and accountability in cloud computing environments. In this paper, we showcase a novel technique for tracking end-to-end data provenance, a meta-data describing the derivation history of data. This breakthrough is crucial as it enhances trust and security for complex computer systems and communication networks. By analyzing and utilizing provenance, it is possible to detect various data leakage threats and alert data administrators and owners; thereby addressing the increasing needs of trust and security for customers data. We also present our rule-based data provenance tracing algorithms, which trace data provenance to detect actual operations that have been performed on files, especially those under the threat of leaking customers data. We implemented the cloud data provenance algorithms into an existing software with a rule correlation engine, show the performance of the algorithms in detecting various data leakage threats, and discuss technically its capabilities and limitations.

Formal concept discovery in semantic web data

Semantic Web efforts aim to bring the WWW to a state in which all its content can be interpreted by machines; the ultimate goal being a machine-processable Web of Knowledge. We strongly believe that adding a mechanism to extract and compute concepts from the Semantic Web will help to achieve this vision. However, there are a number of open questions that need to be answered first. In this paper we will establish partial answers to the following questions: 1) Is it feasible to obtain data from the Web (instantaneously) and compute formal concepts without a considerable overhead; 2) have data sets, found on the Web, distinct properties and, if so, how do these properties affect the performance of concept discovery algorithms; and 3) do state-of-the-art concept discovery algorithms scale wrt. the number of data objects found on the Web?

Efficient Migration of Virtual Machines between Public and Private Cloud

Cloud computing service providers offer cost-effective means to burst computational needs and utilise live migration of virtual machines (VMs) for effective and efficient work-load movements with short service downtimes. However, there is a lack of support for migrating VMs between different service providers as well as private and public cloud offerings, main challenges arise from the bandwidth and storage costs of data during migration potentially mitigating any cost benefit. In this paper, we propose and evaluate techniques for efficient and effective transfer and storage of VM images, which have high duplication, for both instance and volume-based cloud storage. Our main focus is on both the public and private cloud infrastructure and the movement of VMs between them.

Overcoming Large Data Transfer Bottlenecks in RESTful Service Orchestrations

As REST (Representational State Transfer)-ful services are closely coupled to the HTTP (Hypertext Transfer Protocol), which eventually sits above the connection-based TCP (Transmission Control Protocol), it is common for RESTful services to experience latency and transfer inefficiencies especially in situations requiring the services to transfer large-scale data (i.e. above gigabytes of data) in RESTful workflows. Such inefficiencies are undesirable and impractical, and are compounded for RESTful service orchestrations in data-intensive industries such as Big Data analytics, cloud computing and life sciences. In this paper, we propose a non-invasive novel technique, Fast-Optimised-REST (FOREST), which enables RESTful services to overcome the traditional bottlenecks experienced during transfer of large sets of data. The initial experimental results show promise and demonstrated very significant reductions of up to 80% from original REST-ful data transfer times for extremely large data sets.